Andrew Cotton's article was first published by the World Online Gambling Law Report on 12 August 2016.

Against the background of the EU 4th Anti-Money Laundering Directive (‘4AMLD’), which member States are required to transpose into national law by June 2017, the British Gambling Commission (‘GC’) has published a revised version of its Licence Conditions and Codes of Practice (‘LCCP’) including significant provisions relating to AML, which will take effect on 31 October 2016. Andrew Cotton, Solicitor and Director of Betting and Gaming at Gordon Dadds, analyses here both the new AML provisions within the amended LCCP and how these relate to a number of recent AML failings by GC-licensed operators over the past year or so.

Delays in implementation of the 4AMLD in the UK

The UK is required to transpose the 4AMLD into law by 27 June 2017. The 4AMLD encompasses all forms of gambling services but Member States are able to exclude gambling sectors on the basis that they have been risk-assessed as low risk. The UK Treasury has not as yet launched its consultation on its risk assessment of the UK gambling industry and what may be excluded from the regulated sector. It now looks as though this consultation will not take place until the last quarter of 2016. The GC confirmed on 28 July 2016 that the revised version of the LCCP will take effect on 31 October 2016. The revisions to the AML provisions in the LCCP follow a string of voluntary settlements with GC-licensed operators during the past year. Some of the cases involve breaches of the existing Money Laundering Regulations 2007 (‘MLRs’) but others relate to the use of the proceeds of crime to gamble on products that do not currently fall within the regulated anti-money laundering (‘AML’) sector. To date operators that fall outside the regulated sector have been required to take into account the GC’s advice on duties and responsibilities under the Proceeds of Crime Act 2002[i]. The GC is in the process of updating this advice.

The advice sets out the risk-based approach that operators should take in managing and mitigating the risks of money laundering occurring in their business. The new licence conditions now mandate all operators to undertake risk assessments and ensure they have appropriate procedures and policies in place to prevent their gambling facilities from being used for money laundering or terrorist financing.

The regulated casino sector is required to act in accordance with the GC’s guidance on anti-money laundering, which has been updated as part of the consultation and took effect on 28 July 2016[ii].

Lessons from recent enforcement action by the GC

A series of high-profile cases have resulted in voluntary settlements requiring licensed operators to pay considerable sums to agreed causes and the operator agreeing to the details of the failings being publicised by the GC, in addition to agreeing to undertake a full review of policies and procedures. The cases highlight some common failings, and in particular a failure to make enquiries as to the source of the funds used.

Rank Group

Rank Group agreed a voluntary settlement with the GC in September 2015[iii], which required it to divest £950,000 in profits. The case related to two separate incidents. In the first there were significant shortcomings in the way a land-based casino handled its business relationship with a high value casino customer. The casino failed to identify and verify the identity of the customer, did not undertake any customer due diligence when forming the business relationship or identify the legitimacy of the source of his funds and did not undertake any enhanced ongoing monitoring.

The casino accepted the customer’s explanation that he owned and operated a chain of Chinese restaurants without taking any steps to independently verify the information. The customer gambled very significant amounts of cash over a three year period and lost a substantial six-figure sum. The customer was sentenced to four years imprisonment for money laundering offences. The casino filed various suspicious activity reports but did not follow up on the suspicions to manage the risk of committing money laundering offences itself.

The second incident involved an online bingo customer who was convicted of defrauding her employers of a six-figure sum. Her gambling spend was relatively low at the outset but her deposits increased substantially to over £5,000 per month without Rank Digital undertaking any customer interaction on her increasing spend.

Rank Digital admitted it did not follow its own social responsibility or AML policies and procedures and it was unable to produce records of its interactions with the online customer. The GC first became aware of the second case when it was contacted by the customer’s employer on the day that the customer was arrested.

Paddy Power

In February 2016 Paddy Power agreed to a voluntary settlement and the payment of £280,000 in relation to three separate incidents[iv]. One involved a breach of social responsibility and AML controls where a customer was encouraged to spend increased amounts on fixed odds betting terminals despite being a problem gambler. When area management decided it needed to investigate the source of the funds the customer was gambling it did not independently verify the information provided by the customer that his family owned a number of restaurants.

The second related to a shop manager’s suspicions that a customer was using gaming machines to launder Scottish banknotes by paying in banknotes and requesting pay out on a debit card. The shop manager escalated his suspicions to more senior staff on at least four occasions. None of the reported suspicions were reported to the Money Laundering Reporting Officer (‘MLRO’) and the manager’s suspicions were repeatedly overruled by middle management on the grounds that the notes involved were British currency. When the police became involved, Paddy Power decided to undertake enhanced due diligence checks to verify that the customer had a legitimate source of funds but was unable to validate the business that the customer claimed to own.

In the third case, the GC became aware from media coverage that Mark Cooney had pleaded guilty to fraud relating to the theft of over £250,000 from customers at the two banks where he worked.

The level of spend triggered Paddy Power’s requirement to undertake enhanced due diligence but no direct enquiries were made with the customer on the source of the funds being used. Cooney was deemed a medium-risk but no further investigation was undertaken on his source of funds.

Gala Coral Group Ltd

In April 2016 Gala Coral Group Ltd agreed to a voluntary settlement relating to historical weaknesses in AML and social responsibility controls[v]. The GC was notified of the conviction of a retail and online customer of Gala Coral for stealing £800,000 from a vulnerable adult. The volume and value of the customer’s spend were clear indicators of potential source of funds concerns, which Gala Coral had not identified or acted on, and it failed to conduct adequate enquiries about the source of funds.

The licensees relied too heavily on uncorroborated information provided by the customer to explain the source of his funds. The licensees failed to follow up on explanations provided to VIP staff at two hospitality events the customer attended. As a result of the increasing spend limited open source searches were undertaken by the licensees, which showed that the customer lived in a modest property and was an electrician. The licensees failed to use further open source options to obtain more detailed information given that the basic information demonstrated that the customer could not afford his levels of gambling. In October 2014 the licensees flagged the customer as one of potential concern given the disparity between his income and spend.

Gala Coral accepted that there were significant weaknesses in the way in which it managed risk with regard to money laundering and problem gambling and proposed a voluntary settlement in which it surrendered the customer spend totalling £846,664, which was paid to the victim and £30,000 towards the GC’s costs. The GC made it clear in its public statement that it expects operators to continually keep their records on the source of funds up to date and to monitor customer behaviour. It was also not until a few months prior to the closure of the customer’s account that the connection between the customer’s online and retail activity was made and the accounts linked.

Petfre (Gibraltar) Limited

In March 2016 the GC initiated a review of the operator licence held by Petfre (Gibraltar) Limited, trading as Betfred.com. The GC found that Betfred had:

failed to put into effect adequate policies and procedures to promote socially responsible gambling; and

failed to put into effect adequate policies and procedures for customer interaction and in particular interaction with high value or VIP customers.

The matter was eventually concluded by way of a voluntary settlement in June 2016[vii].

The GC was notified by the police of an investigation into the theft of over £800,000 from an employer and the offender’s bank statements revealed that a significant amount of the proceeds of the crime had been spent on online gambling.

Betfred was found to have failed to comply with both Regulations 7 and 8 of the MLRs in failing to apply customer due diligence measures on a risk-sensitive and ongoing basis. It failed to make adequate enquiries about the source and legitimacy of funds given that the customer was a high-spending individual gambling remotely and therefore presented a higher risk of money laundering. It also failed to apply enhanced customer due diligence, as required by Regulation 14 of the MLRs, given the higher risk and the fact that the customer was one of its highest spending VIPs.

One of the forms of identification provided was a bank statement showing four payments from the customer’s employer of £14,792 and an attempt had been made to delete the employer’s account details and the payments. The document was accepted as proof of address without any further questions being asked. Betfred also failed to comply with Regulation 19 in failing to keep records of the evidence and supporting documents it considered as part of its due diligence and in failing to maintain adequate records of any customer interaction. Betfred also failed to establish and maintain appropriate risk-sensitive policies and procedures as required by Regulation 20. In particular there was no guidance to employees on how to recognise suspicious transactions and no reference to the requirement to identify customers and how to identify the source of their funds.

As part of the voluntary settlement Betfred agreed to a full independent third party review and audit of its AML and social responsibility policies and that the policies would be updated to reflect the findings of the case and any recommendations by the third party. It also agreed to pay £443,000 to the victims of the criminal activity, £344,500 to socially responsible causes agreed with the GC, in lieu of a financial penalty, and £30,240 to the GC for the costs of the investigation.

The LCCP updates

The GC has repeatedly warned operators in its public statements that they must learn from the failings of other operators and take a critical approach to assessing their own policies and procedures to ensure they are effective and are applied. A summary of the new and amended licence conditions resulting from the GC’s review of the crime-related provisions of the LCCP was published in May 2016[viii]. There are two specific revisions that arise from the GC’s casework over the past year:

AML

New Licence Condition 12: Licence Condition 12.1 requires all UK licensed operators to undertake an assessment of the risks of their business being used for money laundering and terrorist financing. The risk assessment has to be reviewed as necessary in the light of any change in circumstances and in any event, reviewed at least annually.

Following the completion of and having regard to the risk assessment, and any further review of it, all licensed operators must ensure they have appropriate policies, procedures and controls to prevent money laundering and terrorist financing. Licensees must ensure that the policies, procedures and controls are implemented effectively, kept under review and revised to ensure they remain effective and take into account any future voluntary settlements or guidance issued by the GC.

New Condition 12.2 requires remote casino operators licensed by the GC but based in foreign jurisdictions to comply with Parts 2 and 3 of the MLRs and any regulations that revise or supersede the MLRs. This was previously imposed as an individual licence condition on each remote casino operating licence issued to an operator based overseas.

Reporting key events

Addition to Licence Condition 15.2: The GC has been particularly concerned that in the majority of the above cases, it was only informed of the criminal investigation through third parties. Usually this has been the police but in some cases it has been the victim of the crime. In other cases the GC has learned of the use of criminal proceeds to fund gambling through media reports. It has therefore introduced an additional key event in Licence Condition 15, which imposes an obligation on licensees to notify the GC of any criminal investigation by a law enforcement agency in any jurisdiction that involves the licensee and where the circumstances are such that the GC might reasonably be expected to question whether the licensee’s measures to keep crime out of gambling had failed.

The GC confirmed in its response to the LCCP consultation that additional AML reporting requirements will be included when it undertakes its review of regulatory returns.

Gordon Dadds’ Regulatory Solutions team incorporates our specialist Anti-Money Laundering (AML) advice services. Partner Alex Ktorides, is able to advise on undertaking the risk assessment of gambling businesses, which all gambling operators must undertake to comply with new licence condition 12.1, which takes effect on 31st October 2016. Alex Ktorides and Andrew Cotton are also able to advise on the drafting and on-going review of policies, procedures and controls to prevent money laundering and terrorist financing. Our specialist team will also be able to advise on the wider review required as a result of the transposition of the 4th EU Anti Money Laundering Directive.

Thank you to Ben Frost, trainee solicitor in our Licensing & Gaming department, for his help in preparing this article.

Contact the Author

My key specialisms are in betting & gaming, liquor licensing and regulatory law. In addition to the licensing of premises I advise clients on the UK’s remote gaming licensing regime and assist them with their applications to the UK Gambling Commission. I assist clients with a variety of regulatory compliance issues and apply my operational experience, gained in-house at the Rank Group, advising on all aspects of gambling regulation, including anti money laundering and social responsibility policies. I am a member of the International Masters of Gaming Law and the Society for the Study of Gambling.